This is in reference to your letter dated May 10, 1996, in which you
submitted Pacific Gas & Electric's (PG&E) response to an apparent
violation described in the referenced NRC inspection report, issued April
11, 1996. As described in detail in the inspection report, the apparent
violation involved a failure on the part of PG&E to consider all pertinent
background information before granting a contract employee unescorted
access to the Diablo Canyon Nuclear Power Plant (Diablo Canyon). PG&E
discovered and reported this incident to the NRC in accordance with 10
CFR 73, Appendix G, paragraph I(b), on October 11, 1995, and in Licensee
Event Report 95-S02-00, dated November 9, 1995. The letter transmitting
the April 11, 1996 inspection report stated that the NRC was considering
escalated enforcement action for this apparent violation and requested
a written response from PG&E prior to an enforcement decision being
made.<1>

PG&E's May 10, 1996, response acknowledged that a violation occurred,
but stated that PG&E did not believe the violation should be subject
to escalated enforcement action in light of similar violations and NRC
actions in other cases. PG&E cited NRC enforcement actions against
Philadelphia Electric (Limerick), Georgia Power (Vogtle), and Duke Power
(Catawba, McGuire and Oconee) in support of its position. In addition,
PG&E stated that the violation at Diablo Canyon was: 1) the result
of inadequate communication within the contractor's access control group
and between the contractor and PG&E; 2) self-identified, isolated
and of low safety significance; and 3) promptly and comprehensively corrected.
The corrective actions described by PG&E included suspending the individual's
access; directing the contractor (Westinghouse) to review access information
for all of its employees with unescorted access to Diablo Canyon; suspending
the contractor's access authorization program pending satisfactory resolution
of identified discrepancies; auditing the contractor's access authorization
program; and revising Diablo Canyon procedures relevant to this incident.

Based on the NRC's review of its inspection findings and the information
provided by PG&E in response to the apparent violation, the NRC has
determined that a violation of access authorization requirements occurred.
The violation is described in the enclosed Notice of Violation. Consistent
with past practice, and in accordance with the "General Statement
of Policy and Procedure for NRC Enforcement Actions," (Enforcement
Policy), NUREG-1600, this violation has been classified at Severity Level
III because it resulted in granting unescorted access to an individual
who would not have been granted unescorted access at that time had all
pertinent background information been considered (Enforcement Policy,
Supplement III).

As to your position that the violation should not be subject to escalated
enforcement action in light of NRC enforcement actions at other facilities,
the NRC has reviewed the specific cases that PG&E cited and has determined
that escalated action in the Diablo Canyon case, i.e., the issuance of
a Severity Level III violation, is proper. The other actions that PG&E
cited all involved violations of access authorization requirements, but
lacked a significant factor present in the Diablo Canyon case, i.e., that
derogatory information about an individual had been developed and was
available, and the individual would not have been granted unescorted
access had the derogatory information been considered.

In accordance with the Enforcement Policy, a civil penalty (base value,
$50,000) is considered for a Severity Level III violation. Because your
facility has been the subject of escalated enforcement within the last
2 years,<2> the NRC considered whether credit was warranted for
Identification and Corrective Action in accordance with
the civil penalty assessment process in Section VI.B.2 of the Enforcement
Policy. As discussed in the NRC's inspection report, PG&E's contractor
identified this problem, resulting in PG&E taking prompt action to
correct it. In addition, the NRC views PG&E's corrective actions,
described above, as both prompt and comprehensive.

Therefore, to encourage prompt identification and prompt and comprehensive
correction of violations, I have been authorized, after consultation with
the Director, Office of Enforcement, not to propose a civil penalty for
the Severity Level III violation described in the enclosed Notice of Violation.

The NRC has concluded that information regarding the reason for the violation,
the corrective actions taken and planned to correct the violation and
prevent recurrence, and the date when full compliance was achieved, is
already adequately addressed on the docket in your letter dated May 10,
1996 (PG&E Letter DCL-96-103). Therefore PG&E is not required
to respond to this Notice of Violation unless the description in its May
10, 1996 letter does not accurately reflect its corrective actions or
its position. In that case, or if you choose to respond, you should follow
the instructions in the enclosed Notice of Violation.

In accordance with 10 CFR 2.790 of the NRC's "Rules of Practice,"
a copy of this letter, its enclosure, and any response you choose to submit
will be placed in the NRC Public Document Room (PDR).

During an NRC inspection conducted January 8 through March 29, 1996,
a violation of NRC requirements was identified. In accordance with the
"General Statement of Policy and Procedure for NRC Enforcement Actions,"
NUREG-1600, the violation is listed below:

License Condition 2.E of the licensee's facility operating licenses
require, in part, that the licensee fully implement and maintain in effect
all provisions of the Commission approved Physical Security Plan, including
amendments made pursuant to the authority of 10 CFR 50.54(p).

Paragraph 1.4.1 (Personnel Reliability) of the licensee's Physical
Security Plan, Revision 18, dated November 2, 1994, states that "Personnel
screening for unescorted security access at the Diablo Canyon Power Plant
meets the requirements of 10 CFR 73.57, and all elements of Regulatory
Guide 5.66 (June 1991), Access Authorization Program for Nuclear Plants,
have been implemented to satisfy the requirements of 10 CFR 73.56."

10 CFR 73.56(b) requires in part, that the licensee establish
and maintain an access authorization program with the objective of providing
high assurance that individuals granted unescorted access authorization
are trustworthy and reliable, and do not constitute an unreasonable risk
to public health and safety, including the potential to commit radiological
sabotage. This program must include a background investigation designed
to identify past actions which are indicative of an individual's future
reliability within a protected or vital area of a nuclear power reactor,
including development of information concerning an individual's employment
and credit history. The licensee shall base its decision to grant unescorted
access authorization on review and evaluation of all pertinent information
developed.

10 CFR 73.56(a)(4) requires in part, that if a licensee accepts
an access authorization program used by its contractor, the licensee is
responsible for granting, denying, or revoking unescorted site access
authorization to employees of that contractor.

Contrary to the above, on October 5, 1995, the licensee granted
a contract employee unescorted access to the Diablo Canyon Nuclear Power
Plant without evaluating all pertinent background information developed.
Specifically, the licensee granted unescorted access to an employee of
the Westinghouse Electric Corporation (Westinghouse), a licensee contractor
whose access authorization program had been accepted by the licensee,
based on an October 2, 1995 request for unescorted access authorization
that stated that the individual's background investigation met the requirements
of the Westinghouse access authorization program, and that a full 5-year
background investigation had been satisfactorily completed. In fact, as
of October 2, 1995, Westinghouse had verified substantial derogatory information
about the individual (alcohol use/abuse; previous employment terminations
for cause; trustworthiness issues from previous employers; and derogatory
credit information) and this derogatory information was not provided to
the licensee until October 9, 1995, during a telephone call.

This is a Severity Level III violation (Supplement III).

The NRC has concluded that information regarding the reason for the violation,
the corrective actions taken and planned to correct the violation and
prevent recurrence, and the date when full compliance was achieved, is
already adequately addressed on the docket in the licensee's letter dated
May 10, 1996 (PG&E Letter DCL-96-103). Therefore PG&E is not required
to respond to this Notice of Violation.

However, PG&E is required to submit a written statement or explanation
pursuant to 10 CFR 2.201 if the description in its May 10, 1996 letter
does not accurately reflect its corrective actions or its position. In
that case, or if you choose to respond, clearly mark your response as
"Reply to a Notice of Violation," and send it to the U.S. Nuclear
Regulatory Commission, ATTN: Document Control Desk, Washington, D.C. 20555
with a copy to the Regional Administrator, Region IV, 611 Ryan Plaza Drive,
Suite 400, Arlington, Texas 76011, and a copy to the NRC Resident Inspector
at the facility that is the subject of this Notice, within 30 days of
the date of the letter transmitting this Notice of Violation (Notice).
Under the authority of Section 182 of the Act 42 U.S.C. 2232, any response
submitted shall be submitted under oath or affirmation.

Because any response you choose to submit will be placed in the NRC Public
Document Room (PDR), to the extent possible it should not include any
personal privacy, proprietary, or safeguards information so that it can
be placed in the PDR without redaction. However, if you find it necessary
to include such information, you should clearly indicate the specific
information that you desire not to be placed in the PDR, and provide the
legal basis to support your request for withholding the information from
the public.